Grant types are used to authorize access to protected resources in different ways. This section lists out the main OAuth2 grant types supported by WSO2 Identity Server.
Identity Server 5.4.0 provides more control over issuing id tokens and user claims for client-credential grant type. To facilitate this, the following configurations should be added to identity.xml in order to register new ScopeHandlers and ScopeValidators.
By making <IdTokenAllowed> 'true' or 'false' along with the above configuration, you can turn the issuing id tokens on/off for the grant types with 'openid' scope. (By default IdTokenAllowed is set to 'true', you can allow it to issue id_tokens for all grant types with 'openid' scope). By making this false, you can stop issuing id tokens. Anyway for authorization_code, you cannot turn off issuing id tokens.
By making <IsRefreshTokenAllowed> 'true' or 'false' along with the above configuration, you can turn the issuing refresh tokens on/off. (By default IsRefreshTokenAllowed is set to 'true', you can allow it to issue refresh tokens for all grant types). By making this false, you can stop issuing refresh tokens.
Note that issuing id token is disabled for client_credentials grant type by default as it is logically invalid.